Hi Alexander,
Thanks for the quick reply; rearranging the certs didn't seem to do much for the setup; I guess I'm getting one thing wrong, which was the cause for my follow-up. How can I make dovecot only rely on cert and no further authentication for giving access to the user, when making dovecot lift the user ID from the client cert?
Hmm, I don't think that's the reason for the "invalid certificate" error. Another question: are the client certificates and the server certificate signed by the same CA?
In case you want the ssl-verify error in the logfiles:
in src/logincommon/ssl-proxy-openssl.c, line 607
change:
    i_info("Invalid certificate: %s", buf);
to:
    i_info("Invalid certificate: %s: %s", X509_verify_cert_error_string(ctx->error), buf);
should help, (tested on beta8) (don't forget to recompile, install, restart ;-))
success!
--
groeten,
HenkJan Wolthuis